Windows File Protection and Longhorn

Okay...

I want to install this new Longhorn Transformation 4.0 Refresh silently on my Unattended CD, it's sweet :) But when I installed it I noticed that the installer tells you to cancel the WFP errors that occur. So I did... and everything went fine :rolleyes: But on the other hand I know I can't have those errors during an unattended install. So I did a search on WFP and found some interesting things at MSFN's Unattended Guide :D

This scares me a little bit...

I would strongly advise against using this method as your system files will be vulnerable to viruses that will attempt to overwrite them, which could result in an un-bootable system.

So I was wondering if it is possible to disable WFP during the install and re-enable it automatically afterwards. If anyone can help me, or knows another way of installing this, your help will be appreciated.

Thank You

Link to comment
Share on other sites


Import a reg file at the very end of your unattended installation; it will be re-enabled on the next boot:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCSetting"=dword:00000000

Link to comment
Share on other sites

@AaronXP

What do you mean at the end? The end of my RunOnceEx file? Which process is one of the last processed? Because I'm sure it would go there :) But I don't know where that is, so let me know.

Thanks

Link to comment
Share on other sites

:) What do you mean "if this is the 'last unattended method' being run" ?

I thought that's what I asked you? I don't know the order, so I was guessing that RunOnceEx was one of the last things run because it runs after first boot?

Thanks

Link to comment
Share on other sites

Well I'm being careful in what I say because lots of members here run their unattended installations in different ways. Sometimes they may execute more runonce keys and have them run on subsequent reboots.

Look at it this way: if RunOnceEx is the last thing being run, and you're planning a reboot after that to normal desktop usage, then import the key via RunOnceEx.

Link to comment
Share on other sites

Okay, I'm not by any stretch an advanced user here :) So... I'm sure RunOnceEx is the last thing run. So I'll put:

REG ADD %KEY%\140 /VE /D "Enabling Windows File Protection" /f
REG ADD %KEY%\140 /V 1 /D "REGEDIT /S %systemdrive%\install\wfp.reg" /f

in the last line of my RunOnceEx :rolleyes: How does that sound?

Link to comment
Share on other sites

I'm a little puzzled when I look at this setup I have going?!?

First of all, look at the end of my RunOnceEx file:

REG ADD %KEY%\140 /VE /D "Longhorn Transformation Pack" /f
REG ADD %KEY%\140 /V 1 /D "\"%systemdrive%\install\Applications\Longhorn\Longhorn Transformation Pack.exe\" /s" /f
REG ADD %KEY%\140 /V 2 /D "taskkill.exe /F /IM \"Longhorn Transformation Pack.exe\"" /f

REG ADD %KEY%\150 /VE /D "Applying Registry Tweaks" /f
REG ADD %KEY%\150 /V 1 /D "REGEDIT /S %systemdrive%\install\RegTweaks.reg" /f

REG ADD %KEY%\160 /VE /D "Enabling Windows File Protection" /f
REG ADD %KEY%\160 /V 1 /D "REGEDIT /S %systemdrive%\install\Applications\Longhorn\wfp.reg" /f

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /V Cleanup /D "%systemdrive%\cleanup.cmd"

EXIT

Second of all, check out these lines in my RegTweaks.reg file:

;Disable Windows File Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:ffffff9d

Therefore (if I'm not missing something) it's trying to install Longhorn Transformation Pack (without WFP disabled), then it applies the reg tweaks (which includes disabling WFP), then in the next step it re-enables WFP...

What's an easy and effective way to solve this problem?

Thanks

Link to comment
Share on other sites

If you used the file from the unattended.msfn.org website, the sfc_os.dll file, replace that in your i386.

Then in hivesft.inf, I believe, add the line the page tells you (on the website).

That will disable WFP right then and there.

The process should then go: install Transform, apply tweaks, then re-enable. The tweaks can actually be done before or after or whenever you want. cleanup.cmd should always be last if it has your delete command.

What you have is correct.

However, the SFCDisable is no longer necessary and should be removed when you use the hacked dll. SFCDisable never worked in the first place unless you have a kernel debugger to go with it.

Link to comment
Share on other sites
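
An added example, not part of the original thread or the MSFN guide: a small Python replay of the two .reg fragments posted above, in their RunOnceEx order, that reports which Winlogon values each import leaves behind. It models registry contents only, not how sfc_os.dll interprets them; `apply_reg` and `replay` are names made up for this sketch.

```python
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
WATCHED = {"sfcdisable", "sfcsetting"}  # value names that appear in the thread

# Constructed inputs: the two fragments quoted in the thread.
REGTWEAKS_REG = r'''Windows Registry Editor Version 5.00
;Disable Windows File Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:ffffff9d
'''
WFP_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCSetting"=dword:00000000
'''

SECTION = re.compile(r"^\[(-?)(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def apply_reg(text, state):
    """Apply one .reg file's watched Winlogon DWORDs to state (name -> int)."""
    in_winlogon = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        section = SECTION.match(line)
        if section:
            in_winlogon = section.group(2).lower() == WINLOGON
            if in_winlogon and section.group(1):  # "[-key]" deletes the key
                state.clear()
                in_winlogon = False
            continue
        value = DWORD.match(line)
        if in_winlogon and value and value.group(1).lower() in WATCHED:
            state[value.group(1).lower()] = int(value.group(2), 16)
    return state

def replay(files):
    """Import the files in the given order and return the final values."""
    state = {}
    for text in files:
        apply_reg(text, state)
    return state

if __name__ == "__main__":
    # RunOnceEx order from the thread: key 150 (RegTweaks.reg), then 160 (wfp.reg).
    for name, value in replay([REGTWEAKS_REG, WFP_REG]).items():
        print(f"{name} = 0x{value:08x}")
```

With the thread's files the result is sfcdisable = 0xffffff9d and sfcsetting = 0x00000000: wfp.reg writes a different value name, so it does not overwrite the SFCDisable entry written by RegTweaks.reg.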

Okay i'll give it a shot. Speaking of my cleanup.cmd file:

cmdow @ /HID
@echo off

REG DELETE HKLM\software\Microsoft\Windows\CurrentVersion\Run /V "Cleanup" /f

DEL "%systemroot%\*.bmp"
DEL "%systemroot%\system32\dllcache\*.scr"
DEL "%systemroot%\system32\*.scr"

DEL "%systemdrive%\Documents and Settings\All Users\Start Menu\Windows Update.lnk"
DEL "%systemdrive%\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk"
DEL "%systemdrive%\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk"

net user aspnet /delete

RD /S /Q %systemdrive%\Drivers
RD /S /Q %systemdrive%\install
RD /S /Q "%allusersprofile%\Start Menu\Programs\PrintMe Internet Printing"

DEL "%allusersprofile%\Desktop\*.lnk"
DEL "%userprofile%\Desktop\*.lnk"

attrib -R "%programfiles%\mIRC\*.*" /S /D
attrib -R "%programfiles%\FlashFXP\*.*" /S /D
attrib -R "%allusersprofile%\Application Data\Microsoft\Network\Connections\Pbk\*.*" /S /D

shutdown.exe -r -f -t 60 -c "Windows XP will now restart in 1 minute, this will give enough time for the shortcuts to update and for the shell to fully load before its ready to restart!"

EXIT

Can I set up my user accounts from there rather than the usual cmdlines.txt, useraccounts.reg setup? I'm just trying to find the most hassle-free setup :)

Thanks

Link to comment
Share on other sites

Uh....

Just think about this now...

You need a user to log on for those batches to execute. But you want to create a user in one of the batches that requires a user to execute. What user are you planning on executing the batches from?

Perhaps that answered the question.

Link to comment
Share on other sites
